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CLAIMS 

Please cancel Claims 14 and 15. Please amend Claims 1, 12 and 16 as 
follows: 

1 . (Cun^ently Amended) A method for configuring an Intrusion detection system 
in a network, comprising: 

determining a location for a deployed intrusion detection sensor of said 
intrusion detection system wherein said sensor in enabled to monitor 
communication in a portion of said network; 

deploying said intrusion detection sensor in said location in said 
network; 

tuning said intrusion detection sensor to an appropriate level of 
awareness of content in said communication in said network so that an 
appropriate response can be generated based on a type of a detected 
intrusion in said network : 

prioritizing responses generated by said intrusion detection sensor to 
achieve said ffanll appropriate response to said ff al] detected intrusion in said 
networ k, wherein said prioritizing is based on said tvoe of said detected 
intrusion : and 

configuring intrusion response mechanisms in said network so that 
said mechanisms provide said appropriate response to said detected 
intrusion to ach ie v e an appropriat e r e sponse by said m ft ohnn l fimr , 

2. (Original) The method described in Claim 1 further comprising re-tuning said 
intrusion detection sensor in response to a prior intrusion detection. 

3. (Original) The method described in Claim 1 wherein said network comprises 
communication protected by a firewall. 

4. (Original) The method described in Claim 1 wherein said determining 
comprises determining a cost effective location in said network. 

5. (Original) The method described in Claim 1 wherein said deploying comprises 
locating said sensor in a logical location in said network suitable to said monitoring 
said communication and to communicating out-of-band with said intrusion detection 
system. 
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6. (Original) The method described in Claim 1 wherein said prioritizing 
comprises enabling said intrusion detection sensor to scale a response to a 
determined level of threat posed by an intrusion. 

7. (Original) The method described in Claim 1 wherein said network is a 
provisionable networi<. 

8. (Original) The method described in Claim 7 wherein said provisionable 
network comprises a utility data center. 

9. (Original) The method described in Claim 1 wherein said tuning comprises 
desensitizing said sensor to an intrusion representing a low probability of 
penetrating a firewall. 

1 0. (Original) The method described in Claim 9 wherein said desensitizing 
comprises checking the attack signature of an intrusion against a set of firewall 
rules. 

1 1 . (Original) The method described in Claim 1 wherein said tuning comprises 
desensitizing said sensor to reduce false positive indications over an extended 
period. 

1 2. (Cun-ently Amended) A system for protecting security of a provisionable 
network, comprising: 

a network server; 

a pool of resources coupled with said server for employment by a 

client; 

a resource management system for managing said resources; and 
an intrusion detection system enabled to detect and respond to an 
Intrusion in said networ k, wherein said intrusion detection system comprises 
an intrusion detection sensor that is tunable to determine a threat level posed 
by a detected intrusion . 

13. (Original) The system described in Claim 12 wherein said provisionable 
network comprises a utility data center. 

14. (Cancelled) 

1 5. (Cancelled) 
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16. (Currently Amended) The system described in Claim [[15]] 12 wherein said 
intrusion detection system is tunable to generate a response appropriate to said 
threat level of said detected intrusion. 

17. (Original) The system described in Claim 16 wherein said response 
comprises an alarm. 

18. (Original) The system described in Claim 16 wherein said response 
comprises a lockout of a portion of said network. 

19. (Original) A network intrusion detection system, comprising: 

a network device comprising intrusion detection software, said device 
communicatively coupled with a provisionable network; 

a trust hierarchy, comprising a portion of said network and enabled to 
communicate with said software and to cause evaluation of a detected 
intrusion; 

a deployable, tunable, intrusion detection sensor; and 
a network device enabled to generate a response to a detected 
intrusion. 

20. (Original) The intmsion detection system described in Claim 19 wherein said 
networic comprises a utility data center. 

21 . (Original) The intrusion detection system described in Claim 19 wherein said 
provisionable network comprises a resource pool. 

22. (Original) The intrusion detection system described in Claim 19 wherein said 
provisionable network comprises a resource manager. 

23. (Original) The intrusion detection system described in Claim 1 9 wherein said 
provisionable network comprises a network intmsion detection system. 

24. (Original) The intrusion detection system described in Claim 1 9 wherein said 
providing a deployable intrusion detection probe is accomplished in said network 
intrusion detection system. 

25. (Original) The intrusion detection system described in Claim 1 9 wherein said 
generating an alert based on said detection of said intrusion is accomplished in said 
network intrusion detection system. 



Serial No. 10/627,374 
Examiner: Song, Hosuk 



4- 



Art Unit 2135 
200309162-1 



26. (Original) The intrusion detection system described in Claim 19 wherein said 
trust hierarchy is configurable. 

27. (Original) The intrusion detection system described in Claim 19 wherein said 
generating a response comprises initiating a lockout of a portion of said network. 
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